Need Help to Troubleshoot MySQL Auth FreeRadius 2.1.X

Alan DeKok aland at deployingradius.com
Sat Dec 15 18:13:16 CET 2012 

Prabhpal S. Mavi wrote:
> This is new implementation. Can someone help me to troubleshoot why
> freeradius mysql authentication is failing. i have cross check every
> expect but still seem that something is not in place.

  You haven't read the documentation which says to run the server in
debugging mode.

> Results:
> 
> tail -f "/var/log/radius/radius.log - Output

  You WILL NOT solve the problem by doing this.  The documentation DOES
NOT say to do this, because it is NOT HELPFUL.

> Output of "radiusd -X"
> 
>  ... adding new socket proxy address * port 51412
> Listening on authentication address * port 1812
> Listening on accounting address * port 1813
> Listening on command file /var/run/radiusd/radiusd.sock
> Listening on authentication address 127.0.0.1 port 18120 as server
> inner-tunnel
> Listening on proxy address * port 1814
> Ready to process requests.

  Which is completely and totally useless.

  You do realize that the ENTIRE POINT of running the server in
debugging mode is to see what happens when it receives packets...

> Command to Check the radius Authentication:

  We don't care.  The documentation doesn't say to post this command to
the list, because it is NOT HELPFUL.

> PAY attention to the field "OP" (:= & ==) But auth is not working for any
> user.

  No.  YOU need to pay attention to the documentation.

> 
> mysql> select * from radcheck where UserName='mark';
> +----+----------+-----------+----+-----------------+
> | id | UserName | Attribute | op | Value           |
> +----+----------+-----------+----+-----------------+
> |  3 | mark          | radmin    | := | 99THi49UGotool |
> +----+----------+-----------+----+-----------------+

  This is completely wrong.  It's hard to describe just how wrong this is.

  Read the Wiki.  It has DETAILED INSTRUCTIONS for getting SQL working.
 It includes EXAMPLES.  These examples WILL WORK.

> radius is up and running without authentication "== or :="  make no
> difference  none of the user can authenticate.

  Because you've done something completely wrong.

> Any tip or clue would be greatly appreciated

  Follow the instructions on the wiki for configuring SQL.  It should
take no more than 10 minutes.

  Alan DeKok.

More information about the Freeradius-Users mailing list